Re: Camellia for OpenPGP

On Tue, Apr 24, 2007 at 11:48:44AM +0900, Hironobu SUZUKI
wrote:
> 
> 
> > 
> > 	You MAY implement Camillia. [ref]
> > 	Cipher number is 11.
> > 
> 
> That's good.
> 
>  	You MAY implement Camillia with 256-bit key. [ref]
>  	Cipher number is 11.
> 
> It would be perfect.

If nobody objects, I thought I'd have a crack at putting
together a
draft for this.  I've been meaning to learn the xml2rfc
stuff anyway.

I notice you're just mentioning Camellia with a 256-bit key,
which
leaves out the 128 or 192-bit keys.  I don't disagree, but
I'm curious
if that was intentional.

128 is okay, but 192-bit keys in OpenPGP strike me a bit as
"neither
here nor there" (I argued to keep AES-192, but that had
already been
deployed in the field).

David

David,
 
> I notice you're just mentioning Camellia with a 256-bit
key, which
> leaves out the 128 or 192-bit keys.  I don't disagree,
but I'm
> curious if that was intentional.

Yes, intentional. I chose Camellia-256 by the point of view
of
marketing.

I found that may people had selected TLS/AES-256 ciphersuite
for their
https when they could use it under their system. Many people
think
"more strong cipher for me".  I know that it is
overkill for thier
security.  But most important thing is "to supply what
users want to
get".

And there are many 128-bit ciphers which are already used.
People will
use a cipher that they used to using.  But in 256-bit
ciphers, there
only two ciphers except Camellia and many people aren't
familiar with
256-bit cipher yet. In that situation, it will be easy to
accept
Camellia-256bit.

Camellia-256 is good for surviving cipher war.

Regards,

---
Hironobu SUZUKI <hironobu at h2np dot net><hironobu
at fsij dot org>
Hironobu SUZUKI Office, Inc. / FSIJ / WCLSCAN / OpenPKSD
Tokyo, Japan.
http://h2np.net